Wednesday, November 3, 2010

Remove ThinkSmart as a First Badware Cloned from ThinkPoint

ThinkSmart (Think Smart or Think-Smart) installation is usually resulted from users agreement to upload and install Trojan.Horse.Win32.PAV.64.a remover. The virus is allegedly reported by Microsoft as Microsoft Security Essentials popup notify of it. In fact, those popups are faked and shown by trojan. If you ignore the suggestion once, it is going to be repeated twice end thrice and as many times as you need to infect your PC with the faked antispyware that the alert prompts you to install or delete the  trojan generating the set of alerts.
It is to be admitted that other routines are used to disseminate the rogue antispyware. Some of them are totally performed by rogue programs, i.e. no active participation of user is required.  In contrary, removal of ThinkSmart  usually requires from users certain actions. First of all, its welcome nag screen may need to be deleted. The initial of welcome nag screen is the one that appears once you start Windows and blocks desktop and Start Menu. Task Manager needs to be started to fix the issue. To open the program, press Ctrl, Alt and Del at once and select the process of the adware in the Process tab. Click End Process  button to terminate one or more of the following executables (usually only one is listed in the Process tab): Hotfix.exe, Antispy.exe,  Defender.exe.
This will unblock Windows and let you get rid of ThinkSmart and any other infections, including related trojan mentioned above, by the remover for malware. Click here to launch free scan with the remover.

ThinkSmart screenshot:

ThinkSmart removal tool:

ThinkSmart manual removal guide:
Delete ThinkSmart  files:
 %LocAppData%\tmp.exe
%LocAppData%\antispy.exe
%LocAppData%\defender.exe
%LocAppData%\hotfix.exe
%UserProfile%\Application Data\thinkpoint.exe
%UserProfile%\Application Data\hotfix.exe
Delete ThinkSmart registry entries:
 HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%LocAppData%\antispy.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnPostRedirect” = “0″
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = “0″
HKCU\Software\PAV
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce “SelfdelNT”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “tmp”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%Documents and Settings%\[UserName]\Application Data\hotfix.exe”
HKEY_CURRENT_USER\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ThinkSmart”

No comments: